package com.gale.park.interceptor;

import com.gale.park.common.api.ResultCode;
import com.gale.park.common.exception.ApiException;
import com.gale.park.common.util.JwtTokenUtil;
import com.gale.park.modules.ums.model.UmsAdmin;
import com.gale.park.modules.ums.service.UmsAdminRoleRelationService;
import com.gale.park.modules.ums.service.UmsAdminService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;

/**
 * 作用： 验证 用户是否登录、菜单资源权限
 */
public class AuthInterceptor extends HandlerInterceptorAdapter {
    // 配置文件中的白名单secure.ignored.urls
    private List<String> urls;

    @Autowired
    private UmsAdminService umsAdminService;
    @Autowired
    private JwtTokenUtil jwtTokenUtil;
    @Value("${jwt.tokenHeader}")
    private String tokenHeader;
    @Autowired
    UmsAdminRoleRelationService umsAdminRoleRelationService;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        //1、不需要登录就可以访问的路径——白名单
        // 获取当前请求   /admin/login
        String requestURI = request.getRequestURI();
        // Ant方式路径匹配 /**  ？  _
        PathMatcher matcher = new AntPathMatcher();
        // 因为session基于cookie,解决cookie的跨站不能共享的新特性问题（课后同学反馈所加，很多同学浏览器中有这个新特性）
        response.setHeader("SET-COOKIE", "JSESSIONID=" + request.getSession().getId() + ";Path=/;secure;HttpOnly;SameSite=None");
        for (String ignoredUrl : urls) {
            if (matcher.match(ignoredUrl, requestURI)) {
                return true;
            }
        }

        String token = request.getHeader(tokenHeader).split(" ")[1];
        String userName = jwtTokenUtil.getUserNameFromToken(token);
        UmsAdmin umsAdmin = umsAdminService.getAdminByUsername(userName);

        //2、未登录用户，直接拒绝访问
        if (null == umsAdmin) {
            throw new ApiException(ResultCode.UNAUTHORIZED);
        } else {
            //3、已登录用户，判断是否有资源访问权限
            // 获取用户所有可访问资源
            if (requestURI.indexOf("delete") != -1) {
                // 判断有无删除权限

                if (!umsAdminRoleRelationService.findRole(umsAdmin.getId())) {
                    return true;
                } else {
                    throw new ApiException(ResultCode.FORBIDDEN);
                }


            }
            return true;
        }
    }


    public List<String> getUrls() {
        return urls;
    }

    public void setUrls(List<String> urls) {
        this.urls = urls;
    }
}
